Two independent Italian security researchers have investigated the business behind Facebook spam – and estimate that the trade is worth around $200m a year.
The researchers – who previously investigated the “black market” in fake Twitter followers – looked at black-market websites which “sold” access to Facebook users. The scams work by encouraging Facebook users to join fake fan pages, then bombarding the victims with unwanted links. The sites begin life as “real” fan sites, then spammers begin sending links promising offers such as “Free iPhones”, the researchers said. By tracking their use of URL shortening services such as Bit.ly, the researchers were able to track the number of clickthroughs to third-party sites.
“The spam posters get paid an average of $13 per post, for pages that have around 30,000 fans, up to an average of $58 to post on pages with more than 100,000 fans,” De Micheli said in an interview with The Guardian. “If we consider these two as extremes, the pages we analyzed generate a revenue of 18,000 posts per day, times the revenue per post – ranging from $13 to $58 – 365 days a year.”
The researchers spoke to scammers as part of their research – and some claimed that Facebook shied away from banning fan pages because of the amount of content they generated and shared.
“Facebook doesn’t ban us, simply because we generate the content on Facebook itself. Everyday I materialize funny, and interesting content full of phrases and so forth that is shared and liked by thousands of users,” said one in a Skype conversation, according to the Guardian’s report. “Without the fan pages Facebook would be an empty place. Tell me how many links do you see shared by your friends on your timeline everyday? You see – the answer is simple.”
Last week, Mr De Micheli unearthed malware which was spreading on Facebook in the guise of a browser plug-in, claiming that 800,000 had fallen victim.
“A few years ago, you’d tell your friends, don’t click on attachments,” Mr. De Micheli said. “Now, the same advice applies to browser add-ons.” Andrea Stroppa and Carlo De Michel previously spent months investigating the ‘grey market’ where Twitter followers are sold – and found dozens of firms selling followers, and even selling ‘retweets’ to make people appear interesting.
Author Rob Waugh, We Live Security